iOS vs. Android: Which mobile OS is more secure?

A new independent study by security experts at Symantec attempted to measure how secure Apple’s iOS and Google’s Android platform are, and also to determine how these mobile platforms stack up against desktop operating systems. Symantec claims that these mobile platforms are much more secure than today’s popular desktop operating systems, though the firm does note that the key variable, as always, is the human element. “Today’s mobile devices are a mixed bag when it comes to security,” said Carey Nachenberg, Symantec Fellow and Chief Architect, in a statement. “While more secure than traditional PCs, these platforms are still vulnerable to many traditional attacks. Moreover, enterprise employees are increasingly using unmanaged, personal devices to access sensitive enterprise resources, and then connecting these devices to 3rd-party services outside of the governance of the enterprise, potentially exposing key assets to attackers.” While Symantec neglects to reach a firm conclusion regarding which mobile OS is the most secure, the firm definitely seems to favor iOS more often than not. It says iOS’ app screening procedure plays a big role in the operating system’s security, and it also says the platform’s architecture makes it better at resisting malware attacks and data integrity attacks. It also says iOS offers better encryption and more secure access control for apps. Symantec’s full press release follows below.

Chief among the findings is that while the most popular mobile platforms in use today were designed with security in mind, these provisions are not always sufficient to protect sensitive enterprise assets that regularly find their way onto devices. Complicating matters, today’s mobile devices are increasingly being connected to and synchronized with an entire ecosystem of 3rd-party cloud and desktop-based services outside the enterprise’s control, potentially exposing key enterprise assets to increased risk.

The paper offers a detailed analysis of the security models employed by Apple’s iOS and Google’s Android platforms, evaluating each platform’s effectiveness against today’s major threats, including:

Web-based and network-based attacks

Malware

Social engineering attacks

Resource and service availability abuse

Malicious and unintentional data loss

Attacks on the integrity of the device’s data

This analysis has led to some important conclusions:

While offering improved security over traditional desktop-based operating systems, both iOS and Android are still vulnerable to many existing categories of attacks.

iOS’s security model offers strong protection against traditional malware, primarily due to Apple’s rigorous app certification process and their developer certification process, which vets the identity of each software author and weeds out attackers.

Google has opted for a less rigorous certification model, permitting any software developer to create and release apps anonymously, without inspection. This lack of certification has arguably led to today’s increasing volume of Android-specific malware.

Users of both Android and iOS devices regularly synchronize their devices with 3rd-party cloud services (e.g., web-based calendars) and with their home desktop computers. This can potentially expose sensitive enterprise data stored on these devices to systems outside the governance of the enterprise..

So-called “jailbroken” devices, or devices whose security has been disabled, offer attractive targets for attackers since these devices are every bit as vulnerable as traditional PCs.

Quotes:

“Today’s mobile devices are a mixed bag when it comes to security,” said Carey Nachenberg, Symantec Fellow and Chief Architect, Symantec Security Technology and Response. “While more secure than traditional PCs, these platforms are still vulnerable to many traditional attacks. Moreover, enterprise employees are increasingly using unmanaged, personal devices to access sensitive enterprise resources, and then connecting these devices to 3rd-party services outside of the governance of the enterprise, potentially exposing key assets to attackers.”

About Security Technology and Response

The Security Technology and Response (STAR) organization, which includes Security Response, is a worldwide team of security engineers, threat analysts and researchers that provides the underlying functionality, content and support for all Symantec corporate and consumer security products. With Response centers located throughout the world, STAR monitors malicious code reports from more than 130 million systems across the Internet, receives data from 240,000 network sensors in more than 200 countries and tracks more than 25,000 vulnerabilities affecting more than 55,000 technologies from more than 8,000 vendors. The team uses this vast intelligence to develop and deliver the world’s most comprehensive security protection.

Do you read these articles, or just write the same thing in every article that mentions iOS?

http://twitter.com/jimboxp Jimbo D.

Yeah, and I had to hit “force close” on an app probably 10 times a day when I had a droid. iOS ftw!

http://twitter.com/eRocatemysocks Eric Tamez

So don’t download a crap app. There, fixed it for you. CommonSenseFTW!!

Doug

common sense and at least a buck will get you coffee served by an idiot. Of course, that idiot is going to have a malware infested phone, but what can you do? A technically inclined person or a paranoid will avoid the malware, people who are just wanting a quick cheap app or are 13 will get caught.

Just because some people are stupid, it doesn’t mean they deserve malware if it can be addressed by a better system design.

Zac Caslin

Kinda hard when they are all crap.

Anonymous

Semantics. iOS just closes the app and sends you back to the homescreen instead of giving an error message. It’s the Mobile OS crash equivalent of “These aren’t the droids you’re looking for”. Garageband crashes probably 1 out of 2 times I use it on my ipad.

QNX Please

Neither are as secure as Blackberry OS. But leave it to BGR to conclude that iOS is more secure because it seemed more secure in more fields, while ignoring what those fields were. The biggest security breach comes from being able to unlock and search a phone if its been stolen, or intercepting data transmissions. iOS fails miserably in both.

Anonymous

Yeah but all that can be quickly fix. Apple not so long ago hired a expert on data encryption that was a top dog at the NSA, so I bet they’re working on it. What is Rim doing to improve the user experience? Jack shit.

Yoyoma

They are using QNX in their next Generation Handsets, and they have acquired TAT to build a beautiful UI, just like they have on the playbook. So suck it…

Anonymous

Lmao, you say it like suckbooks are flying out of store shelves Lmao. #s speak for themselves.

QNX

@keymaker:disqus McDonalds Sells millions of hamburgers everyday, even thought their burgers are pure shit. The quality of a product is not always determined by how much they sell.

The Playbook is the Best Tablet ever made. If you disagree, you are wrong.

Zac Caslin

That beautiful UI is nothing but a rip off of Web OS.

http://twitter.com/kaydpea chris moore

ahahahaha @qnx, saying the playbook is the best tablet ever made, i’ll give you the fact that it should be good, but just like all of RIM’s products, it’s got some crippling flaw that has doomed it from the start, considering the playbook doesn’t even do EMAIL i’d say it’s not the best tablet ever made.

MrMan

You sir sound like an idiot. BGR didn’t conclude anything. BGR didn’t do the study. Is reading comprehension that much of a problem for you? lol

Anonymous

If you want a secure OS, you get Blackberry. If you want a “fun” OS (some would argue a more functional OS) you choose Android or iOS. Neither one of them is “super secure”

It should also be mentioned that Symantec is trying to market apps on Android, so it is in their best interest to say it is less secure.

That being said, we all know that if this report came out that Android was “more secure” it wouldn’t make it on BGR’s site anyway.

http://twitter.com/eRocatemysocks Eric Tamez

Blackberry has been hacked every Pwn2Own conference. Same with Apple. Android has survived the past 2 years. Win phone 7 survived this year as well. Did everyone forget this already?

Anonymous

No one, NO ONE, can break into anything Google. Even the Chinese tried and Google let them in just so they could accuse them of espionage.

Waterpotumus

This is just….. SUPER CLEVER! I mean, the way you pretend to hate Apple in order to throw stones at Google…. just….. FANTASTIC! It sorta reminds me of the kinda passive-agressive thing I used to do when I was, like FIVE. Just fantastic!

Anonymous

Oh no you din’t. No sire, you din’t… I hate Apple with all my heart. Otherwise, my friends will first beat me up and then won’t talk to me or come to my mom’s basement, where I presently live.

Guest

Actually, no… they only got hacked at the last conference due to the new webkit browser (something they didn’t have before in OS5 so I guess an oversight in trying to improve the speed (from glacial to slightly less glacial)). Turning off one of the features (can’t remember which one) blocked the way in.

Anonymous

What does HMPRSSTV stand for? O.o

Anonymous

I remember! Last time blackberry were hacked on their webkit browser (yeah it is new browser for them). But not sure if Pwn2Own has a structured and systematic way of finding or assessing security loop hole in every aspect of a smartphone. Not just try to find a break on a system.

Anonymous

The first BB to be hacked at Pwn2Own was the os 6 version using an exploit via the webkit browser. No OS5 or below berries had been taken down before that.

And Android did fall. Win phone was the only one to make it through without being exploited.

Anonymous

Unfortunately for RIMMERS (or ex-RIMMERS in my case) I don’t know how much longer that will be the case. Meaning, how long does RIM have???

Anonymous

Didn’t need to read the article. If BGR posted it, iOS must have come out on top.

in any article or situation ios comes out on top, bgr is just the messenger :)

http://pulse.yahoo.com/_JNKVTT7PJMXPYP2GVCIERBQQCU Andrew

Aw did someone get a trojan on their precious android when they downloaded the “horny asian girls” app?

Booboolala2000

only your sister

Rebelgate

Theres a horny Asian girls app?

*searches*

Nothin came up… What gives?

Anonymous

The article states that the problem is not necessarily with the OS, but with all the apps you are placing on the OS. Your providing excessive access to these apps to all the “private” areas of your device – e-mail, contacts, messages, gps, etc. Sure, it makes it a hell of a device as it’s integrated into everything, but that also means any of these app companies can see/store your info. Think of every “read my mail while i’m driving app” – how you do you think those work? The text is sent to a server, translated, and then sent back. Any idea what they do with that after it’s been translated?

These same apps exist on the blackberries too – difference is, a hardcore BES admin will block you from installing them on your “work” device. That you can’t easily do with iOS or Android today.

Jack Daniels

Wow Zach another flame war article. Way to go buddy. Now we just need a few more analyst articles and you can call it a day. How about you work on making BGR a real tech blog and not a stupid flame bait, analyst…… bullshit site.

Yea guys I know don’t come here if you don’t like it. Don’t worry I won’t. Maybe if all of you follow that too they will change this place. It’s really really sad.

D4life74

Why should anyone leave this site, because you said so. I see this play out on the comments section of every tech site I go to. You bitchy android fans see a favorable post about iOS, and start crying about bias. It’s the better platform, deal with it. Hell, app companies are even doing commercials now, that’s how big iOS has gotten, and it’s not gonna change anytime soon. It’ll keep getting bigger and bigger. Grow up.

Booboolala2000

lol analyst articles.

Jack Daniels

Wow Zach another flame war article. Way to go buddy. Now we just need a few more analyst articles and you can call it a day. How about you work on making BGR a real tech blog and not a stupid flame bait, analyst…… bullshit site.

Yea guys I know don’t come here if you don’t like it. Don’t worry I won’t. Maybe if all of you follow that too they will change this place. It’s really really sad.

Anonymous

It’s obvious to me that Symantec wants to get bought out by Apple. In addition, since Google is totally infallible, Google’s existence is a threat to Symantec. Simple! Anyone care to challenge the notion that Google is 100% infallible?

http://pulse.yahoo.com/_ML67DN65LGCQWCZENTJX5Z7TYI Dollie Flynn

I paid $32.67 for a XBOX 360 and my mom got a 17 inch Toshiba laptop for $94.83 being delivered to our house tomorrow by FedEX. I will never again pay expensive retail prices at stores. I even sold a 46 inch HDTV to my boss for $650 and it only cost me $52.78 to get. Here is the website we using to get all this stuff, LiveCent. com

http://relevanttech.weebly.com iamsupreme

A/S/L? Got any pix?

Anonymous

the easy answer to this question is blackberry os and qnx. have a nice day.

IPwn

Did you forgot that blackberry was hacked at pwn2own? I know apple was too but blackberries aren’t as secure as many make them out to be.

Anonymous

I remember! Last time blackberry were hacked on their webkit browser
(yeah it is new browser for them). But not sure if Pwn2Own has a
structured and systematic way of finding or assessing security loop hole
in every aspect of a smartphone. Not just try to find a break on a
system.

The first links to a FUD article that screams that your NAME is attached to purchased music… hmm, maybe don’t put your purchased music on a file sharing site? Or just burn it to a disc. And it was disclosed, since I knew about it back when they went away from DRM. For the second, this is clearly due to jailbreaking. Which Apple advises against. The third is a poorly written blog with an opinion that fast-app switching and background processes doesn’t function as good or better than “conventional” multi-tasking. It’s the end result, right? Not the method.

The first one… so what? Still free. Second one is a combo platter of inaccurate: the first link doesn’t work; the second one refers to a beta version of DESKTOP Safari; and the third actually highlights how Apple asks permission and is more of a “what-if?” piece.

“Screen/User Interface:
– iDon’t have a scalable OS, apps on the iPad are simply stretched to fit.”

The first one is wrong: iOS is scalable, referring to the operating system. You can run iPHONE apps on the iPad and it will double the size; you can also just download apps that are either universal or written for the iPad. There’s like 75,000.

“Media/camera:
– iDon’t have decent camera (small sensor and 72 DPI, which is less than most 5mp phones)”

This one links to an article about the 3GS, not the iPhone 4 (which is regarded as having one of the best cameras on the market). See what I mean about out-dated and misleading info? You like sensational headlines, don’t you?

“Design:
– iDon’t sell cheap but my value at FOXCONN in China(1), where I am made, is ~190$(2)”

You know that Apple is not the only company to manufacture at Foxconn, right? And the second link refers to an estimate (that ignores overhead, r&d costs, marketing, etc) and even goes to say their estimate is higher than the DROID which was a similar price.

So, per your offer, I expect your blog to be updated. That is, if you were actually being serious. Personally, I think you just hate anything Apple, scour the internet for any headline you could twist to fit your agenda, and offer no balance at all.

Being a blind hater of a company is no different/better than being a blind fanboy.

Anonymous

Blind hatred is the only way us Goofans (aka Apple Haters) are. Pure unadulterated hatred for anything Apple. We can’t stand a single Apple product. We believe that all Apple’s products are bad. That’s what we talk about on sites like this. As a matter of fact we believe any Android device is more powerful than the most powerful of Apple’s computer, say, a MacPro with 8 processors, for example. At least that’s what our fellow Goofans (aka Apple Haters) have told us and we believe them. Only them.

Anonymous

Shut up retarded boy

Donevans

love my droid, love talking it up to people, can’t deny that both the apple and the berry are fine little fruits. We all win in this furious, high stakes, high speed competition for our tech bucks. So all you techno jihadist haters keep on hating and the rest of us will just enjoy our cool phones and keep spreading the love spread the love

http://relevanttech.weebly.com iamsupreme

I have a Rolodex and notepad with me at all times. I also carry a Desert Eagle strapped to my waist. iOS and Android got nothing on me and my security.

Anonymous

So it’s not really about which OS is more secure, but which business model for the app store is more secure correct? Last i recall, iOS lost those hacker challenges pretty soundly.

Bringit

iOS wins. Again.

That’s the price of freedom.

Anonymous

Ill take the freedom

Doug

Make your fences where you will, neither truly offer “freedom”

Anonymous

The problem with that question is that the former does not qualify as an OS, mobile or otherwise. Therefore, by default of no REAL competition, GOOGLE wins!!!!!!

Anonymous

Well lets hope ios is more secure, everything is behind a fucking walled garden.